-
Notifications
You must be signed in to change notification settings - Fork 11
Step 6 postinstall script
Joe Workman edited this page Jan 16, 2020
·
7 revisions
In the postinstall script add in the following payload. The LaunchDaemon must be moved to a system's /Library/LaunchDaemons/ directory in the postinstall script.
#!/bin/sh
# set the LaunchDaemon variable with the name of the LaunchDaemon
DAEMON="com.jumpcloud.prestage.plist"
# Enter the ENROLLMENT_USER within the '' of ENROLLMENT_USER=''
ENROLLMENT_USER=''
# Enter the ENROLLMENT_USER_PASSWORD within the '' of ENROLLMENT_USER_PASSWORD='' with the credentials of the admin with a secure token
ENROLLMENT_USER_PASSWORD=''
cat <<-EOF >/var/run/JumpCloud-SecureToken-Creds.txt
$ENROLLMENT_USER;$ENROLLMENT_USER_PASSWORD
EOF
# Move LaunchDaemon to /Library/LaunchDaemons/
if [[ ! -f "/Library/LaunchDaemons/${daemon}" ]]; then
mv "/var/tmp/${daemon}" "/Library/LaunchDaemons/"
fi
# Set Permissions
chmod 744 /var/tmp/jumpcloud_bootstrap_template.sh
chown root:wheel /var/tmp/jumpcloud_bootstrap_template.sh
chmod 644 "/Library/LaunchDaemons/${daemon}"
chown root:wheel "/Library/LaunchDaemons/${daemon}"
# load the LaunchDaemon
launchctl load -w "/Library/LaunchDaemons/${daemon}"
Populate the ENROLLMENT_USER=''
and the ENROLLMENT_USER_PASSWORD=''
with the values specified for this account in Step 2
Example:
#!/bin/sh
# set the LaunchDaemon variable with the name of the LaunchDaemon
DAEMON="com.jumpcloud.prestage.plist"
# Enter the ENROLLMENT_USER within the '' of ENROLLMENT_USER=''
ENROLLMENT_USER='Welcome'
# Enter the ENROLLMENT_USER_PASSWORD within the '' of ENROLLMENT_USER_PASSWORD='' with the credentials of the admin with a secure token
ENROLLMENT_USER_PASSWORD='Welcome1!'
cat <<-EOF >/var/run/JumpCloud-SecureToken-Creds.txt
$ENROLLMENT_USER;$ENROLLMENT_USER_PASSWORD
EOF
# Move LaunchDaemon
if [[ ! -f "/Library/LaunchDaemons/${daemon}" ]]; then
mv "/var/tmp/${daemon}" "/Library/LaunchDaemons/"
fi
# Set Permissions
chmod 744 /var/tmp/jumpcloud_bootstrap_template.sh
chown root:wheel /var/tmp/jumpcloud_bootstrap_template.sh
chmod 644 "/Library/LaunchDaemons/${daemon}"
chown root:wheel "/Library/LaunchDaemons/${daemon}"
# load the LaunchDaemon
launchctl load -w "/Library/LaunchDaemons/${daemon}"
The presences of the JumpCloud-SecureToken-Creds.txt
file is require to install the JumpCloud agent with the JumpCloud Service Account. The JumpCloud Service Account is mandatory to manage Secure Tokens and FileVault enabled users. The JumpCloud-SecureToken-Creds.txt
is deleted by the agent install process and removed from the system.